[arch-general] [arch-dev-public] Can we trust our mirrors?
vla at uni-bonn.de
vla at uni-bonn.de
Sat Nov 29 22:22:49 EST 2008
Am So, 30.11.2008, 00:24, schrieb Aaron Griffin:
> All we'd need is to patch repo-add to include signature data in the
> DB. To do this properly, signatures should be uploaded with the
> package itself, from the packager's machine... hmmm
>
perhaps i missed something, but wouldn´t be the easiest way to download
the db.tar.gz directly from ftp.archlinux.org or another trusted server
and the packages from the mirrors? something like a decentralized system.
vlad
More information about the arch-general
mailing list